The Dark Web is part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable.
While there are legitimate purposes to the Dark Web, it is estimated that over 50% of all sites on the Dark Web are used for criminal activities, including the disclosure and sale of business credentials. Far too often, companies that have had their credentials compromised and sold on the Dark Web don’t know it until they have been informed by a third party — but by then, it’s too late.
Why we’re all vulnerable
Passwords are a 20th-century solution to a 21st-century problem. Unfortunately, usernames and passwords – the most common digital credentials used today – are all that stands between your employees and vital online services, including corporate networks, social media sites, e-commerce sites, and others. A good security practice is to use a completely different password for every service, but the fact is that nearly 40% of users replicate the same or very similar passwords for each service they use.
How are credentials compromised?
While there is always a risk that attackers will compromise a company’s systems through advanced attacks, most data breaches exploit common vectors such as known vulnerabilities, unpatched systems, and unaware employees. Some of the tactics hackers use to steal credentials include;
- Phishing – hackers send emails disguised as a legitimate message that trick users into disclosing their credentials.
- Watering holes – hackers target a popular site (social media or intranet) and inject malware which captures user credentials.
- Malvertising – malware injection, this time into legitimate online advertising networks
- Web Attacks – hackers scan internet-facing company assets for vulnerabilities. When discovered they exploit these, and after establishing a foothold, they move laterally through the network to discover credentials.
What can an attacker do with compromised credentials?
Once they have your details, hackers can:
- Send spam from compromised email accounts
- Deface websites and host malicious content
- Install Malware on compromised systems
- Compromise other accounts that use the same credentials
- Steal sensitive data
- Steal your identity
If it’s found that my organisation has leaked credentials, does it mean we’re being targeted?
While we can’t say definitively that the data discovered has already been used to exploit your organisation, the fact that we are able to identify this data should be very concerning. Organisations with exposed credentials should work to determine if they have suffered a cyber incident or data breach.
How can I protect my organisation?
There is no single silver bullet solution that can protect against all possible attack vectors. However, you can still take steps to mitigate the most common forms of attack – statistically, these attacks are most likely to leverage passwords compromised on the Dark Web or human error due to insufficient cybersecurity training. As an IT service provider, we believe Dark Web monitoring acts as an early warning system by helping to mitigate the effects caused by a breach. We will be here to help you in case of any breach-related damage, but knowing about it early or preventing it altogether, is always best.
If you are interested in learning more about Dark Web monitoring, please contact us.